From: Jan J. K. <ja...@ni...> - 2008-05-28 12:36:01
Hi Marius,

Marius@Karthaus.nl wrote:
> Hello,
>
> We currently have a /24 IPv4 range that is routed to a datacenter where
> we host some servers. Soon we will have a second datacenter location
> with its own IPv4 range. What I'm trying to figure out is if it is
> possible to 'interconnect' these ranges using an openVPN setup on a
> layer2 level. I know that this setup will cost a lot of extra traffic,
> but it will smooth the migration of the servers from one location to the
> other (the physical move and the IP move do not have to be at the exact
> same moment, and during a period of time, in both data centers, both the
> old IP and the new IP will be available)
>
>
> Let's say we have DC1 and DC2:
>
> DC1 has 80.80.80.0/24 with 80.80.80.1 as the default route.
> DC2 has 90.90.90.0/24 with 90.90.90.1 as the default route.
>
> Now what I'd like to do is configure a server in each location that is
> connected using an openVPN tunnel to the one in the other location, I'll
> call them V1 and V2.
> Using the tunnel between V1 and V2, I want to be able to hook up a
> server in DC2 with an IP of DC1. Let's say we give this server an IP:
> 80.80.80.10.
> Traffic to 80.80.80.10 will be routed to DC1, there the MAC of the
> server in DC2 should be announced by V1 as having that IP, the traffic
> should be tunneled and forwarded on the network in DC2 by V2.
> Vice-versa, the server needs to 'find' his upstream router behind the
> tunnel.
>
> How do I set this up? My guess is to set up ethernet bridging like this:
>
> http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html
>
> However since there are no 'private networks behind a nat router with
> internet in between' the situation is a bit different. I'm unsure what
> IPs to hook up to what (virtual) interface to make this work, the VPN
> endpoints will probably have real-world IPs from the same subnets as I'm
> trying to route.
>

Ethernet bridging is the way to go for your case, but there are some pitfalls:
- I'd use a Linux openvpn server on both ends because it's more flexible
- in general, the endpoints of the openvpn servers CANNOT have an IP address
  that is in the range of subnets that you are trying to connect. This would
  create routing loops which are hard to circumvent in a bridging setup

HTH,

JJK
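An added example, not from the thread: a small Python check of the plan against JJK's pitfall (tunnel endpoints must sit outside every bridged prefix), which then emits the tap-mode, static-key OpenVPN config for each end. The endpoint addresses 192.0.2.1 and 198.51.100.1, the static key path, the br0 bridge and the bridge-up.sh script are assumptions.

```python
import ipaddress

# Constructed values: the two datacenter prefixes from the thread, plus
# hypothetical public addresses for V1 and V2 (documentation ranges, chosen
# deliberately outside both bridged prefixes).
BRIDGED_PREFIXES = ("80.80.80.0/24", "90.90.90.0/24")
V1_ENDPOINT = "192.0.2.1"
V2_ENDPOINT = "198.51.100.1"


def endpoint_conflicts(endpoint_ip, bridged_prefixes=BRIDGED_PREFIXES):
    """Return the bridged prefix containing endpoint_ip, or None.

    JJK's pitfall: if a tunnel endpoint's own address lies inside a subnet
    that is bridged over the tunnel, the encapsulated packets are themselves
    bridged back into the tunnel, producing a loop."""
    ip = ipaddress.ip_address(endpoint_ip)
    for prefix in bridged_prefixes:
        if ip in ipaddress.ip_network(prefix, strict=False):
            return prefix
    return None


def check_plan(endpoints, bridged_prefixes=BRIDGED_PREFIXES):
    """Return {endpoint: conflicting_prefix} for every endpoint that collides."""
    conflicts = {}
    for ep in endpoints:
        prefix = endpoint_conflicts(ep, bridged_prefixes)
        if prefix:
            conflicts[ep] = prefix
    return conflicts


def tap_config(local_ip, remote_ip=None, bridged_prefixes=BRIDGED_PREFIXES, port=1194):
    """Build a point-to-point OpenVPN tap config (static key) for one end.

    tap0 carries no IP of its own: the assumed up script /etc/openvpn/bridge-up.sh
    (not shown) adds tap0 to br0, the bridge that also holds the datacenter-facing
    NIC. The listening end omits 'remote'; the other end sets it."""
    prefix = endpoint_conflicts(local_ip, bridged_prefixes)
    if prefix:
        raise ValueError(f"endpoint {local_ip} lies inside bridged prefix {prefix}")
    lines = ["dev tap0", "proto udp", f"port {port}", f"local {local_ip}",
             "secret /etc/openvpn/static.key", "persist-key", "persist-tun",
             "keepalive 10 60", "script-security 2", "up /etc/openvpn/bridge-up.sh"]
    if remote_ip:
        lines.insert(4, f"remote {remote_ip} {port}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(check_plan([V1_ENDPOINT, V2_ENDPOINT]))           # {}
    print(check_plan(["80.80.80.2", V2_ENDPOINT]))          # {'80.80.80.2': '80.80.80.0/24'}
    print(tap_config(V1_ENDPOINT))                          # V1, listening end
    print(tap_config(V2_ENDPOINT, remote_ip=V1_ENDPOINT))   # V2, connecting to V1
```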